Head of Governance Risk and Controls

Location: Birmingham, Leeds & Other locations

Capability: Technology & Engineering


Job details

Location: Birmingham, Leeds, Manchester, Watford

Capability: Technology & Engineering

Experience Level: Director

Type: Full Time

Service Line: EWT (excl. PE & Ops)

Contract type: Permanent

Job description


Overview


The Head of Governance Risk and Controls is a key leadership role within the first line of defence security function at KPMG UK. The role holder will be responsible for overseeing and managing governance, risk, and controls across the Enterprise-Wide Technology (EWT) function. This position is Director level and will act as the conscience for the first line of defence technology teams. The role will cover the management, tracking and reporting of security weaknesses, audit points, control gaps and risks. The successful candidate will ensure that our organisation's operations align with regulatory requirements, industry standards, and best practices.

This role requires a strategic thinker, a skilled leader, and a dedicated GRC professional who can navigate the evolving landscape of KPMG UK. They will be responsible for helping accountable owners to monitor and track our position across the first line technology function.

This role will also need to liaise with colleagues across different capabilities, group entities, second line of defence and audit.

This represents an exciting opportunity to join a growing function and help to shape the future of GRC at KPMG UK. With the recent merger of the UK and Swiss firms, there are many opportunities for alignment, and this role will be key to identifying opportunities to work together. There are also a number of in-flight investments which will allow us to continue to evolve our control and security posture.


Reporting and Accountability


This role reports directly to the Head of Cyber Security. It will have regular interactions with counterparts in Switzerland, members of the Enterprise-Wide Technology (EWT) leadership team, colleagues in second line of defence, audit and CTOs.

The role will need to collaborate with colleagues from other member firms and KPMG entities around the world.

By developing and automating reporting that will include, at a minimum, Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs), the role holder will establish and host a periodic GRC forum, and will represent Cyber Security and EWT on various forums to provide updates on the firm's GRC posture and initiatives.


Key Responsibilities

- Governance: Develop and implement mechanisms that hold the first line technology leadership team to account across the domains of control and security weaknesses, policy non-compliance, audit points and risk management.

- Reporting: Work with key teams and stakeholders to develop a range of meaningful KRIs and KPIs that allow KPMG UK to track its performance in this space.

- Risk Management: Aggregate, track and report on any identified risks across the first line of defence technology teams. Work with stakeholders to agree risk mitigation treatments and monitor risk exposure.

- Control: Establish and maintain the capability to monitor and track identified control weaknesses and action plans to safeguard assets and promote security and control compliance. Work with stakeholders to address control gaps and recommend improvements.

- Security: Track and manage identified security weaknesses, working with stakeholders to agree remedial actions and drive improvements.

- Audit: Collaborate with internal and external auditors to facilitate comprehensive audits. Track audit points and work with the EWT leadership team to ensure timely resolution of audit findings or escalations.

- Compliance: Ensure that EWT complies with all relevant requirements, policies and standards. Monitor changes in these requirements and adjust accordingly.

- Monitor and report on the Firm's compliance status, addressing any gaps or deficiencies as needed.


Experience

- Bachelor's degree in a relevant area such as Risk, Information Security, Information Technology or Computer Science, or equivalent professional experience.

- Relevant certifications such as CGRC, CISSP or CISM are desirable.

- Thorough understanding of risk management principles and processes.

- Relevant experience within GRC and in a leadership or management role.

- Proven track record of building and operating a GRC function.

- Proven track record of contributing to and implementing successful technology and security strategies.

- Experience in designing and implementing high-value reporting metrics.

- Strong knowledge of security regulations, standards, and best practices.

- Experience working in a highly regulated industry such as finance, healthcare, or energy is a plus.

- Excellent leadership and management skills, with the ability to inspire and motivate a team.

- Strong analytical and problem-solving skills, with the ability to assess and mitigate risks effectively.

- Exceptional communication and interpersonal skills, with the ability to work collaboratively with diverse stakeholders.

- High level of integrity and professionalism, with a commitment to ethical conduct and confidentiality.

- Ability to stay calm and focused under pressure.


Why Technology & Engineering at KPMG?

Technology is at the heart of what we do and part of the very DNA of our business. That's why we've invested in a single powerful team of 1,500 connected technologists, creating a step change in the way we work, with broader, deeper expertise delivered to our clients faster than ever. Our connected solutions stretch across a range of specialisms too, from technology transformation, cyber and risk management through to security operations, data and analytics, automation, powered apps and Cloud. This is an opportunity to join a team that combines the entrepreneurial spirit and imagination of a start-up with the resources only a global network can provide. We're committed to simplified structures and are investing in workplace tools that enable us to collaborate and innovate whether you're working at home, in our office or at client sites.


About KPMG

With offices across the UK, we are part of a global network of firms providing Audit, Tax & Law, Consulting, Deal Advisory and Technology Services to diverse clients.


Our Values

They provide us with a strong sense of identity, ensuring we can grow stronger. They bind us together, across our different backgrounds and cultures, and are common to each of us. Explore more about why Our Values matter.


Agile working

From role sharing and flexible start and finish times to home working, we'll try and support the flexible work patterns that best suit you.


Committed to inclusion

We want you to bring your full self to work - to make this a place where people from every background thrive.


Supporting work returners

We welcome applications from people who have taken a career break.


Need support? Let us know

We're a member of the Business Disability Forum so please get in touch if you'd like to discuss any adjustments that you might need in the application process - and if you are successful beyond this.


Our agency policy

We don't accept speculative CVs from agencies; please refer to our agency policy.
